[
https://issues.apache.org/jira/browse/SOLR-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326863#comment-14326863
]
Mark Miller commented on SOLR-7125:
-----------------------------------
So I've thought on this a bit. I guess this is best addressed by some work in
the ref guide on zk security - we recommend that if you are securing zk for
reasonable shared access that you need to lock down config and can't use
features such as this without an exploit risk.
In the longer term, I wonder if we can just stop allowing xslt execution...or
at least by default like we do binary uploads.
> Allow clients to upload/download configs via CloudSolrClient
> ------------------------------------------------------------
>
> Key: SOLR-7125
> URL: https://issues.apache.org/jira/browse/SOLR-7125
> Project: Solr
> Issue Type: Improvement
> Reporter: Alan Woodward
> Assignee: Alan Woodward
> Priority: Minor
> Fix For: 5.1
>
> Attachments: SOLR-7125.patch
>
>
> Adding new configs to ZK is still something of a pain point. We should add
> some helper methods to CloudSolrClient that make this easier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
